出处:http://blog.csdn.net/acmman/article/details/78585662
controller 层
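/**
 * Handles the login form: checks the single-use captcha held in the session, then authenticates
 * through Shiro and records the first-login date on the user record.
 *
 * @param dicUser      form-bound user carrying the login name and the clear-text password
 * @param validateCode captcha value typed by the user; compared case-insensitively
 * @param request      current request; the captcha is read from its session under "validateCode"
 * @return a map with "code" = "success", or "code" = "false" plus a user-facing "msg"
 * @throws Exception only for failures outside the guarded authentication section; authentication
 *                   failures are reported through the result map, never thrown
 */
@RequestMapping("/login.action")
@ResponseBody
public Map<String, Object> login(DicUser dicUser, String validateCode, HttpServletRequest request) throws Exception {
    Map<String, Object> result = new HashMap<String, Object>();
    result.put("code", "success");

    // Captcha check. The stored value is consumed *before* it is compared so it cannot be
    // replayed on a later attempt, whatever the outcome of this request.
    HttpSession session = request.getSession();
    String sessionValidateCode = (String) session.getAttribute("validateCode");
    session.setAttribute("validateCode", "");
    // A missing or already-consumed captcha must never match: "".equalsIgnoreCase("") is true and the
    // attribute is reset to "" after every attempt, so an unguarded comparison would let an empty
    // validateCode through on the very next request (and a null attribute would throw NPE).
    if (sessionValidateCode == null || sessionValidateCode.isEmpty()
            || !sessionValidateCode.equalsIgnoreCase(validateCode)) {
        result.put("code", "false");
        result.put("msg", "验证码错误");
        return result;
    }

    try {
        // Salted MD5 of the submitted password, salt = login name (the realm supplies the same salt
        // as credentialsSalt). NOTE(review): MD5 with 0 iterations is a weak password hash, and the
        // configured CredentialsMatcher must agree with this pre-hashing scheme — confirm.
        SimpleHash simpleHash = new SimpleHash("MD5", dicUser.getUserPassword(), dicUser.getUserLoginName(), 0);
        UsernamePasswordToken token = new UsernamePasswordToken(dicUser.getUserLoginName(), simpleHash.toString());
        Subject currentUser = SecurityUtils.getSubject();
        currentUser.login(token);

        // Record the first successful login exactly once.
        dicUser = dicUserService.findUserByUserLoginName(dicUser.getUserLoginName());
        if (dicUser.getFirstDate() == null) {
            dicUser.setFirstDate(new Date());
            dicUserService.updateUser(dicUser);
        }
    } catch (IncorrectCredentialsException e) {
        result.put("code", "false");
        result.put("msg", "帐号或密码错误");
    } catch (Exception e) {
        // Do not echo e.getMessage(): the realm's exceptions carry messages such as "account does
        // not exist" / "account disabled", which would let a caller enumerate valid login names.
        result.put("code", "false");
        result.put("msg", "帐号或密码错误");
    }
    return result;
}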
自定义realm
/**
 * Authentication step of this realm: looks up the account for the submitted login name and hands
 * Shiro the stored credentials together with the salt (the login name itself) that the
 * credentials matcher needs.
 *
 * @param token the submitted credentials; expected to be a {@link UsernamePasswordToken}
 * @return principal (login name), stored password, login-name salt and this realm's name
 * @throws AccountException         when no login name was submitted
 * @throws UnknownAccountException  when no matching user exists or the user has grade 2
 * @throws DisabledAccountException when the user record is flagged inactive (isActive == 0)
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    System.out.println("访问了认证");
    String loginName = ((UsernamePasswordToken) token).getUsername();
    if (loginName == null) {
        throw new AccountException("用户名不能为空");
    }

    DicUser account = dicUserService.findUserByUserLoginName(loginName);
    // NOTE(review): userGrade == 2 is reported as "account does not exist"; what grade 2 denotes is
    // not visible here — confirm against the DicUser model.
    boolean unknown = account == null || account.getUserGrade() == 2;
    if (unknown) {
        throw new UnknownAccountException("此账号不存在");
    }
    if (account.getIsActive() == 0) {
        throw new DisabledAccountException("此帐号已经被禁用");
    }

    // The two messages above tell an unknown account apart from a disabled one; whatever surfaces
    // them to the client should collapse both into one generic login-failure message.
    // Salt = login name, so the CredentialsMatcher can recompute the hash of the submitted password.
    ByteSource salt = ByteSource.Util.bytes(loginName);
    return new SimpleAuthenticationInfo(account.getUserLoginName(), account.getUserPassword(), salt, getName());
}